Re: Win32.Softomate recreates itself in the registry after deletion

It has come back, but only when I've established a connection to the internet.

So, is there a way to instantly delete the registry keys that I specify that may appear out of nowhere, so I don't have to manually delete them myself?

I'm sorry if this is a long-winded post.

This is a summary:

In summary, when the key HKEY_USERS\S-1-5-21-2258042937-489720601-3762058672-1006\Software\...\{00021492-0000-0000-C000-000000000046} is created [...somehow.. by the contents of \ShellNew\?] the key HKEY_CURRENT_USER\Software\...\{00021492-0000-0000-C000-000000000046} is created WHICH IS THE TROJAN.

In summary, when the key HKEY_USERS\S-1-5-21-2258042937-489720601-3762058672-1006\Software\...\{00021492-0000-0000-C000-000000000046} is created [...somehow.. by the contents of \ShellNew\?] the key HKEY_CURRENT_USER\Software\...\{00021492-0000-0000-C000-000000000046} is created which ZoneAlarm picks up as the trojan

The issue that I'm facing :now: is whenever the trojan has come back, it slows my DSL connection to a crawl, ... when I delete it, it's back to normal, then the trojan comes back > only to return my DSL to erratic ping spikes then to a slow crawl.

Re: Win32.Softomate recreates itself in the registry after deletion

Hi

It may very well be a false positive. And hopefully a user has reported it to Zone Labs.

To be on the safe side, consider the possibility of a rootkit. To check it further, perhaps use the RootKitRevealer from sysinternals.com and the Blacklight from F-Secure. Both are freeware and are strictly scanners with no removal and very easy to use. Removal is the manual process, but they will say exactly what and where it is. Please do the browser and disk cleaning first before the scans and also a file cleaner if you use one.

Re: Win32.Softomate recreates itself in the registry after deletion

Greetings. I am afraid I have to report exactly the same problem of Win32 Softomate being detected by the latest version of ZA Security Suite, deleting it, only for the same Registry entry to crop up 24 hours or approx 2 reboots later. Clearly cleaning out the registry key is not removing the programme - is it being re-activated via an incoming message string not stopped by ZA Firewall perhaps? Plus it is very interesting that no other programme - and I have run THE LOT! - can find it! On the other hand, the contributor who suggested a false positive also said his broadband connection slowed dramatically when this trojan was present - a contradiction I think! I know where it came from - a Fire Emblem screensaver downloaded from http://feonline.simgames.net/ to please a youngster. I would not normally risk such a site but McAfee Site Advisor gave it a green. And trying to contact McAfee about such matters is a waste of time labyrinth. I no longer trust their reports. Any help gratefully accepted. And any reason Zone Alarm/Checkpoint have not got to grips with this problem?
Nick H (NickPail)